-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We need to pick a new hosting solution for jenkins.ovirt.org.
One idea is for us to throw out some favorite hosting providers here,
and see if we can sort out what would be a good solution.
Other ideas have been floated.
Ideally, we'll get more hardware in the future via some hosting that
Red Hat is working on providing for projects. In the meantime ...
Do any other sponsoring organizations have resources we can look in to?
Once we pick something, we can move it all fairly quickly, I think.
Can we target the end of this week? Perhaps, if we don't run in to any
complications ...
- - Karsten
- --
Karsten 'quaid' Wade, Sr. Analyst - Community Growth
http://TheOpenSourceWay.org .^\ http://community.redhat.com
@quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFQF+9b2ZIOBq0ODEERAgztAKCKGv3WgUlIpOQ3AvgnY7V+r42C0ACffdb7
CA0i4zoGWeWGS52n3tW/SLk=
=xKs6
-----END PGP SIGNATURE-----

Hi,
Following last infra meeting, i want to open for discussion the security issues that may arise if we allow Jenkins
to run jobs (i.e any code) with every gerrit patch.
The problem:
In theory, any user that is registered to gerrit might send a patch to any ovirt project.
That code might contain malicious code, malware, harmfull or just not-related ovirt code that he wants to use our resources for it.
Even though we use limited sudo on hosts, we can't be sure an exploit will be used against one of the jenkins slaves.
The proposed solutions:
- black-listing authors (published on ovirt.org?)
- white-listing authors (published on ovirt.org?)
- auto approve patch via comparing to lastest commits
- check if author recent patches were approved in the past?
adding dan since he raised this issue when we wanted to add vdsm gerrit tests.
thoughts?
Eyal.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm back with the rescheduled outage for the www.ovirt.org server.
We're filling up the disk on www.ovirt.org, which is expected since
it's only 10 GB. I'm going to add 15 GB, which requires a reboot.
Prior to the reboot I'll come on IRC and make sure everyone is
prepared.
The restart should only take a few minutes. The hour window is to give
me time to start and finish or rollback if there is a problem.
If anyone has done this before on Linode and wants to offer
suggestions or hold my hand :) let me know.
== When ==
2300 to 2330 UTC
date -d "2012-07-13 2300 UTC"
== Affected services ==
lists.ovirt.orgwww.ovirt.org/wikiwww.ovirt.org/.*
ovirtbot (IRC bot)
- --
Karsten 'quaid' Wade, Sr. Analyst - Community Growth
http://TheOpenSourceWay.org .^\ http://community.redhat.com
@quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFP/3lg2ZIOBq0ODEERAlP4AJ4hbvBeUNcuoDe0PYPOPjauqc6BZwCdFLGm
3nkaZ1xffyW0T7w4nz7RH8Y=
=2zx3
-----END PGP SIGNATURE-----

Hi Robert,
Got a few email messages from Jenkins using this From header:
From: Jenkins testing Server <robert(a)middleswarth.net>
Can you please fix it to use the standard header of-
From: Jenkins oVirt Server <jenkins(a)ovirt.org>
Otherwise our mail filtering rules will become unmaintainable...
Thanks!
Doron
--
/d
"All computers wait at the same speed."

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I was adding a cronjob to archive Apache logs ... one of those things
I suddenly realized I wished I'd done six months ago ... and I noticed
that the root crontab I wrote assumed the quiet time of the day would
be Midnight Eastern timezone. I checked the graphs on linode.com and
found our low time is 20:00 Eastern (8 pm)/Midnight UTC, rising to a
peak at 14:00 UTC, then quickly back down toward 00:00. Of course,
there are lots of other peaks during the day; I'm thinking more of the
sustained baseline. (Refer to the attached usage graphs for the last
24 hours.)
I switched the cronjobs to start at Midnight UTC, and then run over
the course of an hour with long spaces in between.
Just seemed like the right thing to do, so I did it; same with
notifying, being it's a relatively minor change that couldn't disrupt
any services.
- - Karsten
# Give root word about the backup
MAILTO=root
#
# Run five minutes after 8 pm Eastern/Midnight UTC at quietest time,
every day
5 20 * * * /root/bin/wordpress-backup.sh
# Run ten minutes after 8 pm Eastern/Midnight UTC at quietest time,
every day
10 20 * * * /root/bin/mediawiki-backup.sh
# Run thirty minutes after 8 pm Eastern/Midnight UTC every day, to
clean out older than 7 days
30 20 * * * /root/bin/backup-cleanup.sh
# Run forty-five minutes after 8 pm Eastern/Midnight UTC every day, to
track subscriber trends
45 20 * * * /root/bin/mailman-subscriber-count.sh
# Run fifty-five minutes after 8 pm Eastern/Midnight UTC every day, to
archve Apache logs
55 20 * * * /root/bin/httpd_log_backup.sh
~
- --
Karsten 'quaid' Wade, Sr. Analyst - Community Growth
http://TheOpenSourceWay.org .^\ http://community.redhat.com
@quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFQEx+P2ZIOBq0ODEERAvJZAKDOk0WYGIGYVsp8DtxHylQpxGCnBgCdElkX
QJsx1MStANWUqN6OgDkSYBE=
=ph5Q
-----END PGP SIGNATURE-----

I have nightly backups running that is pulling down the following folders.
/usr/local/bin/
/usr/local/sbin/
/etc/
/home/
/var/lib/jenkins/
Excluding /var/lib/jenkins/workspace/*
/var/log/jenkins/
Did I miss anything?
Thanks
Robert

I was watching how overloaded Jenkins was well it was running 3 jobs on
the master server. It was so overload that the Jenkins website became
unresponsive for a several min. So I reduced the number of jobs that
will on the master.
Thanks
Robert